firewalls >> FORTIGATE 200 PORT FORWARDING DNS PROBLEM

by hmartz » Sat, 27 Aug 2005 22:26:31 GMT

I have a problem with a Fortinet Fortigate appliance.

In the local network there is a Windows 2000 Server machine running a DNS
server and IIS with a local IP 192.168.10.7 (hosting a website). This
machine is in a DMZ behind a Fortigate 200 Firewall, and is reachable
from the internet using "Static Nat" from a public IP to the internal
IP of this Windows Server.

I recently installed a new Linux machine on the same LAN with IP
192.168.10.10 running Apache on default port 80 running a website, and
I want this website to be viewable from the internet, so I thought that
port redirection was the solution and set up a "Port Forwarding" rule on
the Fortigate opening port 8088 on external that redirects to the
internal IP (192.168.10.10) on port 80 (http).

Unfortunately we have only one public IP, and the port
redirection did not work, maybe because the "Static Nat" that makes
the website on the Windows box work supersedes the Port Forwarding
rule.
So I disabled the Static Nat to the Windows box and created Port
Forwarding from external to ports 80tcp, 53tcp, 53udp. My Linux site on
port 8088 works, the Windows site works ... but after a time the Domain
Name that the Windows box serves goes down from the Internet. When I enable
NAT again to the Win box, the DNS works again!

What am I doing wrong?



Similar Threads

1. Problems with Consolidate WINS, DNS and DHCP on Windows Server 200

2. Windows 200 VPN Problem

Hi,

Problem:
-------
Clients can successfully connect to the Windows 2000 VPN server but
can't ping/access any of the machines on the LAN in the office.  For
now, I am only interested in accessing a machine with a static IP
192.168.1.2.


Setup:
-----
I set up a VPN/RAS server on a machine running Windows 2000 Server.
This server is behind a Linksys BEFW11S4 router.

- I have enabled "PPTP Pass Through", "IPSec Pass Through" and added
Port 47, 1723, and 500 to "Port Triggering" as described on the
Linksys's support section.
- DHCP is enabled on the router

Router IP:  192.168.1.1
VPN Server IP (static):  192.168.1.3, Subnet:  255.255.255.0

-------------------------------------------
CLIENT -- AFTER THE VPN CONNECTION IS MADE:
-------------------------------------------

C:\>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : PC1
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Orinoco Wireless:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : ORiNOCO Wireless LAN PC Card (5 volt)
        Physical Address. . . . . . . . . : 00-03-91-3E-12-C2
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 199.45.32.43
                                            199.45.32.38
        Primary WINS Server . . . . . . . : 172.28.0.11
        Lease Obtained. . . . . . . . . . : Sunday, August 24, 2003 11:05:44 PM
        Lease Expires . . . . . . . . . . : Monday, August 25, 2003 11:05:44 PM

PPP adapter VPN:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.200
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.1.200
        DNS Servers . . . . . . . . . . . : 209.116.241.10
                                            199.45.32.43
        Primary WINS Server . . . . . . . : 192.168.1.1

C:\>

-------------------------------------------

One thing I am puzzled about is that the DHCP assigned a subnet of
255.255.255.255 (see above) to the client.  Since the office PCs are
running on 255.255.255.0, is this a problem?  Also, the gateway of
192.168.1.200 is assigned which doesn't seem right.

I am pulling my hair out trying to figure out what is going on.  Any
help will be greatly appreciated.

Thanks

3. Win 200 Pro networking problem

4. Windows 200 Dial-up networking problem

I have a Windows 2000 Professional installation.  It dials up to the
internet through single channel ISDN.  The dial-up settings are set
with the login details and password, and they are set to save the
details.

Normally everything works fine.  However, now and then (and getting
more frequent recently) the settings are being lost.  The dial up
account needs the details re-entering after a few times.

Does anyone know why this might be happening?

Thanks

5. NT 200 Internet Explorer problem

6. Windows 200 VPN Problem

7. Dcdiag errors before transfering existing DNS on Win 2K to Win 200

8. VS on remote network - DNS on Corp network - Host is W. Server 200

I have read a lot of the posts using the Keywords Microsoft Loopback Adapter 
and they kind of answer my question which is what do I need to do to use a 
VPN connection to attach my virtual network to the corporate forests.  

I have recently moved to a remote site and my connection to the corp network
is through a VPN.  When I was connected physically to the Corp network I had 
access to all the forests that we have on the network.  

On the Host machine, a dell server with Windows Server 2003R2 sp2 on it, I 
can still access the resources on all the forests, but the VPC's have all 
lost that functionality.  My network admin advised me to add a M. Loopback 
Adapter which I have done.  I also have enabled ICS on the VPN Miniport for
the MLA to use internet, which didn't work.  I enabled ICS on the physical
network card and now the internet works on the VPC's.

My problem is that I think I am getting too many parts (not enough parts?) 
to make this work.  In other words, I'm confused. :(

The functionality that I need is:
1.) to have the VPC (with the OS's of XPPro and WS2003/8) be available to 
the host
via Remote Desktop Connection.
2.) To have the VPC's be able to use the internet (host always connected via 
a WRT54G router with an internal IP of 192.168.3.1).
3.) To have the VPC's be able to see the corporate forests and each other 
and the local host (yes it is part of one of the corporate forests)

Sounds simple and probably is.  Can anyone help?

-- 
Thanks, Marc